Inactive Google redirect virus - need help

R

Rockhopper

Whatever the virus/rootkit is, it disables Malwarebytes when I try to run it and terminates the scan before it can complete. It did the same thing with HijackThis and Avira.

Here are the GMER and DDS Logs

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-22 18:53:52
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1b Maxtor_6L200P0 rev.BAH41G10
Running: 5jlz0vx7.exe; Driver: C:\DOCUME~1\Kunkle\LOCALS~1\Temp\fwtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:116] F77339B5
Thread System [4:120] 86E3CE95

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by Kunkle at 18:54:00 on 2011-09-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\1264309036:3542918324.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kunkle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://broadband.zoomtown.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kunkle\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n033p/EN/install/gtdownlr.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.18/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/20.10/uploader2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader_5_5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181442852203
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://12.71.199.20/program/SonySncRz25View.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
TCP: Interfaces\{952C8DDC-4590-41FC-89C3-88FA76246AF5} : NameServer = 10.1.4.6,10.2.4.5
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\shrewsoft\vpn client\dtpd.exe -service --> c:\program files\shrewsoft\vpn client\dtpd.exe -service [?]
R2 iked;ShrewSoft IKE Daemon;c:\program files\shrewsoft\vpn client\iked.exe -service --> c:\program files\shrewsoft\vpn client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\shrewsoft\vpn client\ipsecd.exe -service --> c:\program files\shrewsoft\vpn client\ipsecd.exe -service [?]
R3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\drivers\vfilter.sys [2010-9-2 24192]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-22 41272]
S1 MpKsl13f96f5c;MpKsl13f96f5c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7469b12e-2238-46ea-9c66-38f118180675}\mpksl13f96f5c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7469b12e-2238-46ea-9c66-38f118180675}\MpKsl13f96f5c.sys [?]
S1 MpKsl4992d3eb;MpKsl4992d3eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31b621e8-2d8e-48b4-b02e-32b27d6986b9}\mpksl4992d3eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31b621e8-2d8e-48b4-b02e-32b27d6986b9}\MpKsl4992d3eb.sys [?]
S1 MpKsl600a58ac;MpKsl600a58ac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb66c11-eee5-4d3f-af78-71654337ec9e}\mpksl600a58ac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb66c11-eee5-4d3f-af78-71654337ec9e}\MpKsl600a58ac.sys [?]
S1 MpKsl7e2027eb;MpKsl7e2027eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38357042-92c0-4e0d-b663-4b31ffb31f1a}\mpksl7e2027eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38357042-92c0-4e0d-b663-4b31ffb31f1a}\MpKsl7e2027eb.sys [?]
S1 MpKsl94055755;MpKsl94055755;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b735bd3-006b-48f6-bfc8-e0fdc50806a0}\mpksl94055755.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b735bd3-006b-48f6-bfc8-e0fdc50806a0}\MpKsl94055755.sys [?]
S1 MpKsl9ed78d0e;MpKsl9ed78d0e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{684726e7-6e19-4646-9ca4-c107de13920d}\mpksl9ed78d0e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{684726e7-6e19-4646-9ca4-c107de13920d}\MpKsl9ed78d0e.sys [?]
S1 MpKsla055d409;MpKsla055d409;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c1376b2-d606-4848-a70e-ba4800e950f8}\mpksla055d409.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c1376b2-d606-4848-a70e-ba4800e950f8}\MpKsla055d409.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-3 136176]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-9-10 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-9-10 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-3 136176]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2010-9-2 11904]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-09-22 22:49:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-22 22:38:27 709968 ----a-w- c:\windows\isRS-000.tmp
2011-09-22 22:32:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-22 21:06:14 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-22 02:35:33 -------- d-----w- c:\program files\Avira
2011-09-22 02:17:26 -------- d--h--w- c:\windows\PIF
2011-09-22 01:57:13 -------- d-----w- C:\MGtools
2011-09-22 01:41:04 48016 --sha-w- c:\windows\system32\c_81784.nl_
2011-09-22 00:44:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-22 00:44:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-10 17:54:51 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-09-10 17:54:50 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-09-10 17:54:50 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-09-10 17:54:50 2469248 ----a-w- c:\windows\system32\BootMan.exe
2011-09-10 17:54:50 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-09-05 22:37:47 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-22 21:07:29 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-18 23:03:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-28 10:27:08 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2006-05-03 16:06:54 163328 --sha-w- c:\windows\system32\flvDX.dll
.
============= FINISH: 18:54:42.60 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2007 8:20:09 PM
System Uptime: 9/22/2011 6:40:40 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2199/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 9.181 GiB free.
D: is FIXED (NTFS) - 161 GiB total, 73.519 GiB free.
F: is FIXED (NTFS) - 373 GiB total, 206.069 GiB free.
I: is Removable
J: is Removable
L: is Removable
M: is Removable
N: is Removable
P: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_DVDRW_SOHW-1673S________________JS07____\5&1E37D5F0&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON DVDRW SOHW-1673S
PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SOHW-1673S________________JS07____\5&1E37D5F0&0&0.0.0
Service: cdrom
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_VVDSVC_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_VVDSVC_XX
Service: vvdsvc
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0009
Manufacturer: Microsoft
Name: Packet Scheduler Miniport #10
PNP Device ID: ROOT\MS_PSCHEDMP\0009
Service: PSched
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0011
Manufacturer: Microsoft
Name: Packet Scheduler Miniport #12
PNP Device ID: ROOT\MS_PSCHEDMP\0011
Service: PSched
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Shrew Soft Virtual Adapter
Device ID: ROOT\VNET\0000
Manufacturer: Shrew Soft
Name: Shrew Soft Virtual Adapter
PNP Device ID: ROOT\VNET\0000
Service: vnet
.
==== System Restore Points ===================
.
RP1895: 9/3/2011 11:29:17 AM - Software Distribution Service 3.0
RP1896: 9/4/2011 1:59:32 AM - Software Distribution Service 3.0
RP1897: 9/4/2011 11:29:06 AM - Software Distribution Service 3.0
RP1898: 9/5/2011 11:29:07 AM - Software Distribution Service 3.0
RP1899: 9/6/2011 11:29:17 AM - Software Distribution Service 3.0
RP1900: 9/7/2011 6:44:56 AM - Software Distribution Service 3.0
RP1901: 9/7/2011 11:29:24 AM - Software Distribution Service 3.0
RP1902: 9/8/2011 11:49:47 AM - System Checkpoint
RP1903: 9/8/2011 3:51:46 PM - Software Distribution Service 3.0
RP1904: 9/9/2011 3:51:30 PM - Software Distribution Service 3.0
RP1905: 9/11/2011 12:17:21 AM - System Checkpoint
RP1906: 9/11/2011 1:59:00 AM - Software Distribution Service 3.0
RP1907: 9/11/2011 2:19:27 PM - Software Distribution Service 3.0
RP1908: 9/12/2011 2:19:32 PM - Software Distribution Service 3.0
RP1909: 9/13/2011 2:17:04 PM - Software Distribution Service 3.0
RP1910: 9/14/2011 3:24:56 PM - System Checkpoint
RP1911: 9/15/2011 1:44:55 PM - Software Distribution Service 3.0
RP1912: 9/16/2011 12:32:37 PM - Software Distribution Service 3.0
RP1913: 9/17/2011 1:15:56 PM - Software Distribution Service 3.0
RP1914: 9/18/2011 1:10:04 PM - Software Distribution Service 3.0
RP1915: 9/19/2011 1:09:57 PM - Software Distribution Service 3.0
RP1916: 9/20/2011 1:05:38 PM - Software Distribution Service 3.0
RP1917: 9/21/2011 1:06:10 PM - Software Distribution Service 3.0
RP1918: 9/21/2011 8:43:24 PM - Restore Operation
RP1919: 9/22/2011 6:24:14 PM - Removed Windows Defender
.
==== Installed Programs ======================
.
7-Zip 4.42
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.10
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Azureus
Blue's 123 Time Activities
Bonjour
calibre
Candy Land
Carbonite
Cisco Connect
DivX Setup
DivX Web Player
Dora Backpack
DVD Shrink 3.2
EASEUS Partition Master 9.0.0 Home Edition
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
GIMP 2.4.3
Glary Utilities 2.36.0.1232
Google Chrome
Google Talk Plugin
Google Update Helper
Goombah Partner COM Server
Greetings Workshop
HandBrake 0.9.3
HDHomeRun
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterVideo DeviceService
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
JumpStart Advanced Kindergarten
Little Registry Cleaner
Logitech Legacy USB Camera Driver Package
Logitech QuickCam Driver Package
Logitech Updater
Logitech Webcam Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Drivers
Office Animation Runtime
OmniPage SE 2.0
OverDrive Media Console
Picasa 3
PowerDVD
QuickTime
Reader Rabbit's Kindergarten
Reader Rabbit's Math Ages 4-6
Reader Rabbit's Toddler
ReNamer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shrew Soft VPN Client
Skype Toolbars
Skype™ 4.1
StreamTorrent 1.0
System Requirements Lab
TeamViewer 6
Tux of Math Command (remove only)
Ulead VideoStudio 11
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VIA Rhine-Family Fast Ethernet Adapter
VideoCam Suite
VideoStudio
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
vShare Plugin
Vuze
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Search 4.0
Windows XP Service Pack 3
ZoomTown Install Kit 10.0.0.0
.
==== Event Viewer Messages From Past Week ========
.
9/22/2011 5:43:06 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/22/2011 5:40:56 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/21/2011 9:56:50 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 9:56:44 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/21/2011 9:53:37 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
9/21/2011 9:37:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 ElbyCDIO Fips MpFilter
9/21/2011 9:36:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/21/2011 9:36:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/21/2011 9:36:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
9/21/2011 9:14:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/21/2011 8:53:06 PM, error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2011 8:49:07 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
9/21/2011 8:48:55 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/21/2011 8:40:20 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 3:47:21 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
9/21/2011 3:47:06 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
9/21/2011 10:09:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 ElbyCDIO Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 10:09:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/20/2011 10:28:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
9/18/2011 2:24:45 AM, error: Microsoft Antimalware [2001] -
.
==== End Of File ===========================
 
Welcome to TechSpot! I note you've gathered some programs yourself to try and fix the problem! But I don't want you to run them while I'm helping you unless I direct you to: They are: TDSSKiller and MGtools
==============================
This should help with Malwarebytes:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.Once done, try running a scan again
=============================
You have 5 outdated versions of Java. Please run the following then update to current v6u27:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.
Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
Check this site .Java Updates Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
-----------------------------
And because of the outdated Java, you will have malware in the Java cache and it need to be removed:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
==================================
When finished with the above, please complete the following:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=================================
Please leave the Malwarebytes log and Combofix log in your next reply.
=================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
I replied last night, but it doesn't appear to have posted. I removed all of the older Java versions just fine and I cleared out the Java cache. I still cannot get malwarebytes to work. I'm able to start a scan, but it terminates in the middle of it. Combofix did the same thing. It started to scan, ran for about 5 seconds, and then just stopped.
 
Please run this:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
======================================
The above is specific- Sometime a rootkit will prevent the security scans from running.

I'll check the log and see if anything was found and we'll go from there. There is also a duet of programs that we sometimes run to stop the processes that are preventing the scans from running>
 
TDSKiller found 2 infected object. I quarantined both of them. Here is the TDSkiller log:


2011/09/25 12:39:42.0921 1320 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/25 12:39:42.0937 1320 ================================================================================
2011/09/25 12:39:42.0937 1320 SystemInfo:
2011/09/25 12:39:42.0937 1320
2011/09/25 12:39:42.0937 1320 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/25 12:39:42.0937 1320 Product type: Workstation
2011/09/25 12:39:42.0937 1320 ComputerName: MATTHEW
2011/09/25 12:39:42.0937 1320 UserName: Kunkle
2011/09/25 12:39:42.0937 1320 Windows directory: C:\WINDOWS
2011/09/25 12:39:42.0937 1320 System windows directory: C:\WINDOWS
2011/09/25 12:39:42.0937 1320 Processor architecture: Intel x86
2011/09/25 12:39:42.0937 1320 Number of processors: 1
2011/09/25 12:39:42.0937 1320 Page size: 0x1000
2011/09/25 12:39:42.0937 1320 Boot type: Normal boot
2011/09/25 12:39:42.0937 1320 ================================================================================
2011/09/25 12:39:44.0484 1320 Initialize success
2011/09/25 12:39:47.0843 6024 ================================================================================
2011/09/25 12:39:47.0843 6024 Scan started
2011/09/25 12:39:47.0843 6024 Mode: Manual;
2011/09/25 12:39:47.0843 6024 ================================================================================
2011/09/25 12:39:49.0531 6024 2cd35b4b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1264309036:3542918324.exe
2011/09/25 12:39:50.0875 6024 Suspicious file (Hidden): C:\WINDOWS\1264309036:3542918324.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/25 12:39:50.0906 6024 2cd35b4b - detected HiddenFile.Multi.Generic (1)
2011/09/25 12:39:50.0984 6024 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/09/25 12:39:51.0187 6024 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/25 12:39:51.0296 6024 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/25 12:39:51.0484 6024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/25 12:39:51.0625 6024 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/25 12:39:51.0984 6024 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/09/25 12:39:52.0234 6024 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/09/25 12:39:52.0390 6024 AnyDVD (7684252281cfb197ac4c38b33ac5b2a6) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/09/25 12:39:52.0515 6024 AR5523 (c3a2ff99c7469b8d06a102dcf8c4cff6) C:\WINDOWS\system32\DRIVERS\ar5523.sys
2011/09/25 12:39:52.0703 6024 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/25 12:39:52.0984 6024 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/09/25 12:39:53.0125 6024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/25 12:39:53.0218 6024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/25 12:39:53.0359 6024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/25 12:39:53.0453 6024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/25 12:39:53.0562 6024 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/09/25 12:39:53.0656 6024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/25 12:39:53.0796 6024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/25 12:39:53.0906 6024 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/25 12:39:54.0015 6024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/25 12:39:54.0109 6024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/25 12:39:54.0484 6024 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/09/25 12:39:54.0796 6024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/25 12:39:54.0921 6024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/25 12:39:55.0062 6024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/25 12:39:55.0125 6024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/25 12:39:55.0218 6024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/25 12:39:55.0421 6024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/25 12:39:55.0515 6024 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/09/25 12:39:55.0609 6024 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
2011/09/25 12:39:55.0718 6024 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
2011/09/25 12:39:55.0843 6024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/25 12:39:55.0937 6024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/25 12:39:56.0031 6024 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/09/25 12:39:56.0109 6024 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/09/25 12:39:56.0218 6024 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/09/25 12:39:56.0312 6024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/25 12:39:56.0390 6024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/25 12:39:56.0500 6024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/25 12:39:56.0625 6024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/25 12:39:56.0703 6024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/25 12:39:56.0812 6024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/09/25 12:39:56.0906 6024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/25 12:39:57.0203 6024 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/25 12:39:57.0484 6024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/25 12:39:57.0953 6024 i8042prt (61b114b5d0b0eb5342bead361fedae18) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/25 12:39:57.0968 6024 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
2011/09/25 12:39:58.0078 6024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/25 12:39:58.0343 6024 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/25 12:39:58.0437 6024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/25 12:39:58.0500 6024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/25 12:39:58.0640 6024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/25 12:39:58.0750 6024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/25 12:39:58.0859 6024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/25 12:39:58.0937 6024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/25 12:39:59.0046 6024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/25 12:39:59.0140 6024 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/25 12:39:59.0250 6024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/25 12:39:59.0359 6024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/25 12:39:59.0625 6024 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/09/25 12:39:59.0890 6024 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/09/25 12:39:59.0984 6024 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/09/25 12:40:00.0109 6024 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/09/25 12:40:00.0218 6024 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/09/25 12:40:00.0546 6024 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/09/25 12:40:00.0812 6024 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/25 12:40:00.0921 6024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/25 12:40:01.0031 6024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/25 12:40:01.0125 6024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/25 12:40:01.0234 6024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/25 12:40:01.0296 6024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/25 12:40:01.0390 6024 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/25 12:40:01.0921 6024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/25 12:40:02.0015 6024 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/25 12:40:02.0140 6024 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/09/25 12:40:02.0234 6024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/25 12:40:02.0343 6024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/25 12:40:02.0437 6024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/25 12:40:02.0531 6024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/25 12:40:02.0656 6024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/25 12:40:02.0718 6024 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/25 12:40:02.0828 6024 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/25 12:40:02.0906 6024 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/25 12:40:03.0015 6024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/25 12:40:03.0125 6024 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/25 12:40:03.0218 6024 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/25 12:40:03.0312 6024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/25 12:40:03.0406 6024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/25 12:40:03.0515 6024 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/25 12:40:03.0625 6024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/25 12:40:03.0718 6024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/25 12:40:03.0890 6024 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/25 12:40:04.0000 6024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/25 12:40:04.0093 6024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/25 12:40:04.0187 6024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/25 12:40:04.0468 6024 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/25 12:40:04.0781 6024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/25 12:40:04.0859 6024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/25 12:40:04.0953 6024 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/25 12:40:05.0046 6024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/25 12:40:05.0140 6024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/25 12:40:05.0203 6024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/25 12:40:05.0296 6024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/25 12:40:05.0453 6024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/25 12:40:05.0546 6024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/25 12:40:06.0046 6024 pflt (a8ccce579c21eb77f95cbd9fa0035156) C:\WINDOWS\system32\DRIVERS\vfilter.sys
2011/09/25 12:40:06.0187 6024 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/09/25 12:40:06.0531 6024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/25 12:40:06.0875 6024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/25 12:40:06.0968 6024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/25 12:40:07.0078 6024 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/25 12:40:07.0453 6024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/25 12:40:07.0593 6024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/25 12:40:07.0687 6024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/25 12:40:07.0781 6024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/25 12:40:07.0875 6024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/25 12:40:07.0984 6024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/25 12:40:08.0109 6024 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/25 12:40:08.0218 6024 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/25 12:40:08.0343 6024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/25 12:40:08.0578 6024 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/09/25 12:40:08.0671 6024 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/09/25 12:40:08.0796 6024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/25 12:40:08.0921 6024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/25 12:40:09.0031 6024 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/25 12:40:09.0156 6024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/25 12:40:09.0359 6024 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/25 12:40:09.0531 6024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/25 12:40:09.0625 6024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/25 12:40:09.0718 6024 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/25 12:40:09.0859 6024 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/25 12:40:09.0937 6024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/25 12:40:10.0031 6024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/25 12:40:10.0359 6024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/25 12:40:10.0515 6024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/25 12:40:10.0640 6024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/25 12:40:10.0734 6024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/25 12:40:10.0843 6024 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
2011/09/25 12:40:10.0937 6024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/25 12:40:11.0187 6024 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/09/25 12:40:11.0250 6024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/25 12:40:11.0468 6024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/25 12:40:11.0640 6024 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/25 12:40:11.0718 6024 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/25 12:40:11.0812 6024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/25 12:40:11.0875 6024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/25 12:40:11.0984 6024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/25 12:40:12.0062 6024 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/25 12:40:12.0171 6024 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/25 12:40:12.0265 6024 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/25 12:40:12.0359 6024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/25 12:40:12.0453 6024 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/25 12:40:12.0593 6024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/25 12:40:12.0656 6024 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/25 12:40:12.0734 6024 vnet (a8087593a397b43be57f4cd3aa11e81f) C:\WINDOWS\system32\DRIVERS\virtualnet.sys
2011/09/25 12:40:12.0796 6024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/25 12:40:12.0890 6024 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/09/25 12:40:13.0062 6024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/25 12:40:13.0203 6024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/25 12:40:13.0468 6024 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/25 12:40:13.0578 6024 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/25 12:40:13.0656 6024 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/25 12:40:13.0828 6024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/25 12:40:13.0875 6024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/25 12:40:14.0015 6024 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR5
2011/09/25 12:40:14.0062 6024 Boot (0x1200) (e041470b0665f1ea9d75c75221285412) \Device\Harddisk0\DR0\Partition0
2011/09/25 12:40:14.0109 6024 Boot (0x1200) (75f80a69692ef4097f55c65fd8f0d7aa) \Device\Harddisk1\DR1\Partition0
2011/09/25 12:40:14.0140 6024 Boot (0x1200) (0025bb2c17c22aed7f5db01036d40f57) \Device\Harddisk1\DR1\Partition1
2011/09/25 12:40:14.0171 6024 Boot (0x1200) (d1c35e251af4aea8dcab211929a9e248) \Device\Harddisk2\DR5\Partition0
2011/09/25 12:40:14.0203 6024 ================================================================================
2011/09/25 12:40:14.0203 6024 Scan finished
2011/09/25 12:40:14.0203 6024 ================================================================================
2011/09/25 12:40:14.0250 1500 Detected object count: 2
2011/09/25 12:40:14.0250 1500 Actual detected object count: 2
2011/09/25 12:40:32.0921 1500 2cd35b4b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1264309036:3542918324.exe
2011/09/25 12:40:32.0921 1500 Suspicious file (Hidden): C:\WINDOWS\1264309036:3542918324.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/25 12:40:32.0937 1500 C:\WINDOWS\1264309036:3542918324.exe - copied to quarantine
2011/09/25 12:40:32.0937 1500 HiddenFile.Multi.Generic(2cd35b4b) - User select action: Quarantine
2011/09/25 12:40:33.0015 1500 i8042prt (61b114b5d0b0eb5342bead361fedae18) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/25 12:40:33.0062 1500 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
2011/09/25 12:40:33.0062 1500 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Quarantine
 
OK, my problems have increased. After I restarted after running TDSKiller, my computer will no longer allow me to login from the Window's welcome screen. Something is blocking my keyboard from typing anything into the password box.
 
Can you get into Safe Mode?

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
 
I am puzzled by some of the entries in your system. This is one:
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_VVDSVC_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_VVDSVC_XX
Service: vvdsvc
Click to expand...
==============================
There are a total of 46 plugins- Active X Objects.
6 are for outdated Java, so presumed gone as of now.
9 are for microsoft.com

This is an obvious malware entry:
{043C5167-00BB-4324-AF7E-62013FAEDACF} vShare Plugin vshare_toolbar.dll vShare / My Quick Search Toolbar, a Pugi type toolbar. Redirects home and search pages and entries related to it
=====================================
You are using Vuze, Azureus file sharing programs.
===================================
You can temporarily disable the Welcome screen by clicking on CTRL + ALT + DEL twice when the Welcome screen appears.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
786
uber_beetle
uber_beetle
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
380
trparky
T
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back